How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How does DS (All versions) store password values?

Last updated Jan 12, 2023

The purpose of this article is to provide information on the password storage scheme formats used in DS. This information can help you understand the secureness of different schemes and how they compare. Additionally this information may be helpful if you have passwords hashed in another system and want to convert them for import into DS.

6 readers recommend this article

Overview

DS 7 introduced new password storage schemes, and also disabled less secure and reversible schemes by default for improved security. See Default Security Settings for further information.

The password storage schemes enabled by default are:

  • Argon2 (DS 7.2 and later)
  • Bcrypt
  • PBKDF2-HMAC-SHA256
  • PBKDF2-HMAC-SHA512
  • SCRAM-SHA-256
  • SCRAM-SHA-512

Password storage scheme formats

The following table provides details of the password scheme formats in use in DS, where:

  • <digest> is the bytes returned from the relevant asymmetric hashing function.
  • <encrypted> is the bytes returned from the relevant symmetric encryption function.
  • <salt> is the salt bytes.
  • <iterations> is the number of iterations.
  • base64(...) is the standard base64 encoding of ...
  • "" surrounds literal characters in the password value.

Password Schemes

Name Applicable versions Salt size (bytes) Key size (bits) Format
3DES All ±   168 "{3DES}" base64(<encrypted>)
AES All ±   128 "{AES}" base64(<encrypted>)
Argon2 DS 7.2 and later 16  

"{ARGON2}" "$" <variant> "$v=19 "$m=" <memory> ",t=" <iterations> ",p=" <parallelism> "$" base64(<salt>) "$" base64(<hash>)

Where:

  • <variant> is the variant of the Argon2 algorithm to use (argon2d, argon2i or argon2id). Default is argon2id.
  • <memory> is the amount of memory to use for a single hash, expressed in kibibytes. Default is 15360.
  • <parallelism> is the number of threads to use in parallel to compute a hash. Default is 1.
Base64 All     "{BASE64}" base64(<password>)
Bcrypt * All 16   "{BCRYPT}" <digest>
Blowfish All ±   128 "{BLOWFISH}" base64(<encrypted>)
Clear All     "{CLEAR}" <password>

Crypt

  • UNIX **
  • MD5 ***
  • SHA256 ***
  • SHA2512 ***
 All
  • 2
  • 8
  • 8
  • 8
  
  • "{CRYPT}" <digest>
  • "{CRYPT}" "$1$" <digest>
  • "{CRYPT}" "$5$" <digest>
  • "{CRYPT}" "$6$" <digest>
MD5 Pre-DS 7     "{MD5}" base64(<digest>)
PBKDF2 (PBKDF2-HMAC-SHA1) All 16 (8 in pre-DS 7)   "{PBKDF2}" <iterations> ":" base64(<digest> <salt>)
PBKDF2-HMAC-SHA256 DS 7 and later 16   "{PBKDF2-HMAC-SHA256}" <iterations> ":" base64(<digest> <salt>)
PBKDF2-HMAC-SHA512 DS 7 and later 16   "{PBKDF2-HMAC-SHA512}" <iterations> ":" base64(<digest> <salt>)
PKCS5S2 (PKCS#5 V2.0 Scheme 2) **** All 16   "{PKCS5S2}" base64(<digest> <salt>)
RC4 Pre-DS 7 ±   128 "{RC4}" base64(<encrypted>)
Salted MD5 Pre-DS 7 8   "{SMD5}" base64(<digest> <salt>)
Salted SHA-1 All 16 (8 in pre-DS 7)   "{SSHA}" base64(<digest> <salt>)
Salted SHA-256 All 16 (8 in pre-DS 7)   "{SSHA256}" base64(<digest> <salt>)
Salted SHA-384 All 16 (8 in pre-DS 7)   "{SSHA384}" base64(<digest> <salt>)
Salted SHA-512 All 16 (8 in pre-DS 7)   "{SSHA512}" base64(<digest> <salt>)
SCRAM-SHA-256 DS 7 and later     Refer to RFC 5802, RFC 5803 and RFC 7677 for further details on the format.
SCRAM-SHA-512 DS 7 and later     Refer to RFC 5802, RFC 5803 and RFC 7677 for further details on the format.
SHA-1 All     "{SHA}" base64(<digest>)

± Deprecated in DS 7

* This <digest> is OpenBSD's bcrypt implementation, which uses a custom base64 encoding. See bcrypt - A FutureAdaptable Password Scheme for further information.

** This is a traditional Unix algorithm (12-bit salt).

*** See Modular Crypt Format for further information.

**** See Atlassian’s PBKDF2-based Hash for further information.

See Password Storage Scheme for details of what properties are allowed for each scheme.

Example Using Salted SHA-1

The following Java 11 code breaks apart a password hashed using the Salted SHA-1 scheme. The SHA-1 algorithm always returns 20 bytes, and the example code works successfully with passwords encoded with different size salts:

import java.util.Arrays; import java.util.Base64; public class Demo {   static final int SHA_ALGORITHM_SIZE = 20; // Number of bytes returned from a SHA-1 hash     static final String PREFIX = "{SSHA}"; // Salted SHA-1 prefix     public static void main(String[] args)     {         var original = "{SSHA}jDgrs5iv+guDhuU9tuWp3Y4NIMxJ8jb8Cd1uu8w/urdrRB5V"; // "secret"         var base64 = original.substring(PREFIX.length());         var bytes = Base64.getDecoder().decode(base64);         var hashBytes = Arrays.copyOfRange(bytes, 0, SHA_ALGORITHM_SIZE);         var saltBytes = Arrays.copyOfRange(bytes, SHA_ALGORITHM_SIZE, bytes.length);         System.out.println("Hash length = " + hashBytes.length);         System.out.println("Salt length = " + saltBytes.length);     } }

For example, if you save this as Demo.java and run it:$ javac Demo.java ; java Demo Hash length = 20 Salt length = 16

See Also

FAQ: Passwords in DS

Password Storage

Related Training

N/A

Related Issue Tracker IDs

N/A
Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.